package com.dahouzi.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// userDetailsService(userDetailsService());
		http.headers().frameOptions().disable();
		http.authorizeRequests().antMatchers("/js/**", "/summernote/**", "/simditor/**", "/highlight/**", "/css/**", "/**").permitAll()// 静态资源
				.antMatchers("/**").permitAll()// 静态资源
				// .antMatchers("/express/**").hasRole("admin")//只有admin才能访问
				// .antMatchers("/express/**").permitAll()//任意角色访问
				.anyRequest().authenticated();
		// 登陆路径方法
		System.out.println("--------配置权限------");
		http.formLogin().loginPage("/adminCtrl/login").defaultSuccessUrl("/Article4AdminCtrl/summernotEdit").failureUrl("/adminCtrl/login?error").permitAll().and().logout()
				.logoutUrl("/adminCtrl/loginOut").permitAll();
	}

	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		auth.inMemoryAuthentication().withUser("lgl").password("0668@lgl").roles("admin");
	}

}